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Description 

[0001] The present invention relates generally to a 
manner by wlilch to effectuate authentication of commu- 
nication stations operable in a communication system, 
such as a Bluetooth-based communication system. 
More particularly, the present invention relates to appa- 
ratus, and an associated method, by which to facilitate 
authentication of at least a portion of the networl< infra- 
structure of the Bluetooth-based, or other, communica- 
tion system by a mobile terminal. Operation of an em- 
bodiment of the present invention provides for effectu- 
ation of authentication without compromising the confi- 
dentiality of identifiers used In the authentication proce- 
dures. 

BACKGROUND OF THE INVENTION 

[0002] Advancements in communication technolo- 
gies have permitted the development, and populariza- 
tion, of new types of communication systems. Multi-us- 
er, wireless communication systems are exemplary of 
communication systems made possible as result of 
such advancements. A cellular communication system 
is a multi-user, wireless communication system capable 
of concurrent use by large numbers of users. 
[0003] In a cellular communication system, as well as 
other types of radio communication systems, a commu- 
nication channel formed between a sending station and 
a receiving station is formed of a radio channel defined 
upon a portion of the electromagnetic spectrum. A wire- 
line connection is not required to be formed between the 
sending and receiving stations. Thereby, a radio com- 
munication system is inherently of increased communi- 
cation mobility, relative to conventional wireline commu- 
nication systems. 

[0004] Digital communication techniques have been 
implemented in radio, as well as other, communication 
systems. Digital communication techniques generally 
permit the communication system in which the tech- 
niques are implemented to achieve greater communica- 
tion capacity contrasted to conventional, analog com- 
munication techniques. 

[0005] Information which is to be communicated in a 
communication system which utilizes digital communi- 
cation techniques, typically, digitizes the information to 
fonn digital bits. The digital bits are typically fomiatted 
according to a formatting scheme. Groups of the digital 
bits, for Instance, are positioned to form a packet, and, 
one or more packets of data are sometimes together de- 
fined to form a frame of data. 

[0006] Because packets, or frames, of data can be 
communicated at discrete intervals, rather than contin- 
uously, a frequency band need not be dedicated solely 
for the communication of data between one communi- 
cation pair. Instead, the frequency band can be shared 
amongst a plurality of different communication pairs. 
The ability to share the frequency band amongst the 



more than one communication pair permits a multiple 
increase in the communication capacity of the system. 
[0007] Packet-data communications are effectuated, 
for instance, in conventional LANs (Local Area Net- 

s ' works). Wireless networks, operable in manners analo- 
gous to wired LANs, referred to as WLANs (Wireless 
Local Area Networks) have also been developed and 
are utilized to communicate data over a radio link. Some 
of such packet communication systems are able to pro- 

10 vide for voice, as well as nonvoice, communications. 
[0008] A WIO (Wireless Intranet Office) is exemplary 
of a packet radio communication system which is intend- 
ed to provide voice, and other real time, communica- 
tions. Voice communications by way of a WIO provides 

IS the advantage of use of a wireless communication sys- 
tem in a cost-effective manner. Voice, as well as other 
data, can be communicated between mobile terminals 
operable in such a system. Various aspects of conven- 
tional cellular, or microcellular, communication systems 

20 are conventionally utilized in a WIO system. 

[0009] For instance, authentication procedures are 
carried out to ensure that the mobile station and the net- 
work portion of the WIO system are authentic. Subse- 
quent to authentication, communications are permitted 

25 between the mobile station and network portion of the 
system. 

[0010] At least one proposal has been set forth by 
which to provide a dual-mode mobile terminal, operable 
in both a conventional cellular, such as a GSM (Global 

30 System for Mobile communications) communication 
system, and also a WIO network. In particular, one WIO 
network is proposed to utilize Bluetooth radio technolo- 
gy in which Bluetooth signals form the radio access me- 
dium between the mobile terminal and corresponding 

35 infrastructure of the WIO network. In order to create a 
secure radio link, the device is to be operable pursuant 
to a communication session, i.e., the Bluetooth mobile 
terminal of the dual-mode mobile terminal and the Blue- 
tooth network infrastructure of the WIO system, must 

40 authenticate each other. Once authenticated, encryp- 
tion keys can be used by the devices to encrypt signals 
to be communicated therebetween. 
[001 1] The Bluetooth standard, for instance, sets forth 
an authentication procedure by which Bluetooth devices 

45 authenticate each other and provides for execution of a 
procedure referred to as pairing. In a pairing procedure, 
a secret, link key is created, based upon secret identifi- 
ers, referred to as PIN codes, of a Bluetooth device. 
Once pairing has been completed, a link key to be used 

50 subsequently between the devices is created. 

[0012] Such a pairing process, however, requires us- 
er interaction and therefore is not automated. 
[0013] An automated procedure by which authentica- 
tion can be performed would be advantageous. 

55 [0014] It is in light of this background information re- 
lated to radio communication systems that the signifi- 
cant improvements of the present invention have 
evolved. 
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SUMMARY OF THE INVENTION 

[0015] The present invention, accordingly, advanta- 
geously provides apparatus, and associated methodol- 
ogy, by which to facilitate authentication of at least a por- s 
tion of the network of a Bluetooth-based, or other, com- 
munication system by a mobile terminal. Authentication 
is performed automatically, without requiring user inter- 
action, and maintains the confidentiality of the identifiers 
used in the authentication procedure. io 
[0016] In one aspect of the present invention, a man- 
ner is provided by which to facilitate authentication by a 
dual-mode, mobile terminal. In a first of the dual modes, 
the mobile terminal is operable to communicate in a WIO 
(Wireless Intranet Office) with a PBU (Personal Base 
Unit) forming a portion of the network infrastructure of 
the WIO. The PBU is coupled to be able to access a 
storage device located, for instance, at an ILR (Intranet 
Location Register), which also forms a portion of the net- 
work infrastructure of the WIO. The storage device lo- 20 
cated at the ILR stores identifiers identifying mobile ter- 
minals permitted to communicate by way of the WIO. In 
one implementation, the identifiers form PIN codes as- 
sociated with respective ones of the mobile terminals. 
During authentication procedures, the PIN code asso- 25 
ciated with a mobile terminal requesting authentication 
is retrieved from the storage device of the ILR and uti- 
lized during the authentication procedures. By storing 
the identifier at the storage device of the ILR, the iden- 
tifier is accessible, such as by way of a wireline connec- 30 
tion formed between the ILR and the personal base unit 
when authentication procedures are to be performed. 
Once the identifier is retrieved from the storage device 
of the ILR, the value thereof is utilized in authentication 
procedures by which the mobile terminal authenticates 35 
the personal base unit. 

[0017] In another aspect of the present invention, the 
dual-mode, mobile terminal is also operable in a cellular 
communication system, such as a GSM (Global System 
for Mobile communications) communication system. In ■*o 
one implementation, indications of the identifier stored 
at the storage device of the ILR are provided thereto dur- 
ing operation of the mobile terminal to communicate by 
way of the cellular communication system. 
[0018] Namely, authentication procedures are first 4S 
performed pursuant to operation of the mobile terminal 
in the cellular communication system and, thereafter, 
communications are effectuated therethrough, utilizing 
encryption, as appropriate. Pursuant to operation of the 
mobile terminal with the cellular communication system, so 
indications of the identifier identifying the mobile termi- 
nal in the Bluetooth communication system, such as the 
PIN code, is provided to the network infrastructure of the 
cellular communication system. Once received at the 
network infrastructure of the cellular communication 55 
system, the indications of the identifier are routed to the 
storage device at the ILR. 

[0019] Thereafter, when the mobile terminal is to be 



operated pursuant to the Bluetooth communication sys- 
tem, the identifier stored at the storage device is re- 
trieved and thereafter used during authentication proce- 
dures by which the mobile terminal authenticates the 
personal base unit of the Bluetooth communication sys- 
tem. In an implementation in which the cellular commu- 
nication system forms a GSM communication system 
which provides for SMS (Short Message Service) mes- 
saging, the Indicator, such as the PIN code, is formatted 
into a SMS message. And, the SMS message is sent to 
the network infrastructure of the cellular communication 
system, routed to a SMS service center, and, thereafter, 
to the ILR at which the storage device is located. 
[0020] In one implementation in which SMS messag- 
ing is utilized to communicate the indicator to the ILR, a 
service request is first sent by the mobile terminal to a 
service number of the wireless Intranet office. The IMSI 
and IMEI of the mobile terminal, both defined in the GSM 
communication system, are used as parameters in such 
service request message. The message is routed to a 
service center of the WIO. Once detected at the WIO 
service center, the identity of the requesting device is 
checked, based upon the values of the IMSI and IMEI 
contained in the message. If a determination is made 
that service with the mobile terminal would be permitted, 
the service center of the WIO returns a message to the 
mobile terminal, also in the form of a SMS message, 
with the network Identifier of the WIO, as well as other 
relevant parameters. Thereafter, the mobile terminal 
generates a SMS message containing the identifier, 
such as the PIN code, associated with the mobile termi- 
nal. The indications of the identifier contained in the 
SMS message are later utilizable in authentication pro- 
cedures by which the mobile terminal authenticates one 
or more personal base units of the WIO. 
[0021] In another aspect of the present invention, 
public key authentication and encryption is utilized by 
which the mobile terminal authenticates the personal 
base unit of the WIO. A non-secure link is establishable 
between the mobile terminal and the personal base unit 
of the Bluetooth communication system. A public key is 
thereafter provided by the personal base unit of the 
Bluetooth communication system to the mobile terminal. 
The public key is used by the mobile terminal to encrypt 
the identifier of the mobile temiinal, such as the PIN 
code identifying the mobile terminal, and, once encrypt- 
ed, the identifier is provided to the personal base unit. 
Once provided to the personal base unit, authentication 
procedures are carried out between the mobile terminal 
and the personal base unit, thereby to authenticate the 
personal base unit to the mobile terminal. 
[0022] In these and other aspects, therefore, appara- 
tus, and an associated method, is provided for facilitat- 
ing authentication in a mobile communication system. 
The mobile communication system has a mobile termi- 
nal operable to communicate pursuant to a first radio 
communication system and to communicate pursuant 
to a second radio communication system. Authentica- 
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tion of the second radio communication system is facil- 
itated. A storage element is coupled to the second radio 
communication system. The storage element stores in- 
dications of a secured identifier which identifies the mo- 
bile terminal in the second radio communication system. 
The indications of the secured identifier are accessible 
by the second radio communication system to be used 
in authentication procedures by the mobile terminal to 
authenticate the second radio communication system. 
[0023] A more complete appreciation of the present 
invention and the scope thereof can be obtained from 
the accompanying drawings which are briefly summa- 
rized below, the following detailed description of the 
presently-preferred embodiments of the invention, and 
me appended claims. 

BRIEF DESCRIPTION OF THE DRAWINGS 
[0024] 

Figure 1 illustrates a functional block diagram of a 
radio communication system in which an embodi- 
ment of the present invention is operable. 
Figure 2 illustrates a partial functional-btoclc, dia- 
gram of portions of the communication system 
shown in Figure 1 together with a sequence of sig- 
nals generated during operation of an embodiment 
of the present invention. 

Figure 3 illustrates a message sequence diagram 
listing the sequence of messaging generated during 
operation of an embodiment of the present inven- 
tion. 

Figure 4 illustrates a message sequence diagram 
listing the sequencing of messages generated dur- 
ing another embodiment of the present invention. 

DETAILED DESCRIPTION OF THE PREFERRED 
EMBODIMENT 

{0025] Referring first to Figure 1 , a radio communica- 
tion system, shown generally at 10, is operable to pro- 
vide for radio communications with a multi-node mobile 
temiinal 12. In the exemplary implementation, the sys- 
tem 10 includes a WIG {Wireless Intranet Office) por- 
tion, formed of the elements positioned above the line 
14, shown in dash, and, also, a cellular portion, formed 
of the elements shown beneath the line 14 in the Figure. 
In the exemplary implementation, the WIG portion is a 
Bluetooth-based system operable to comply with the 
standard specifications set forth in a relevant Bluetooth 
standard specification. And, in the exemplary imple- 
mentation, the cellular portion is formed of a GSM (Glo- 
bal System for Mobile communications) network. In oth- 
er implementations, the radio communication system 1 0 
is formed of portions operable pursuant to other com- 
munication system standards. Operation of various em- 
bodiments of the present invention are also analogously 
operable in such other communication systems. 



[0026] The mobile terminal 12 here forms a dual- 
mode mobile terminal operable in each of the WIG and 
cellular portions of the communication system. More 
generally, the mobile temninal 12 forms a multi-mode 

s mobile terminal; in other implementations, the mobile 
terminal 12 is further operable pursuant to additional 
WIG networks in addition to the single WIG network 
shown in the Figure. And, the mobile terminal 1 2, in oth- 
er such implementations, is also operable to communi- 

10 cate by way of more than one cellular network. 

[0027] Accordingly, the mobile terminal 12 includes 
cellular transceiver circuitry 16 and WIG network trans- 
ceiver circuitry, here Bluetooth transceiver circuitry 18, 
thereby to permit communications with the mobile ter- 

15 minal by way of either portion of the radio communica- 
tion system. 

[0028] A PIN code 22 is associated with the Bluetooth 
transceiver circuitry 1 8. The PIN code uniquely identifies 
the Bluetooth transceiver circuitry. In an implementation 
20 in which the mobile terminal 12 includes additional Blue- 
tooth transceiver circuitry elements, additional PIN 
codes are associated with each additional Bluetooth 
transceiver circuitry element. 

[0029] The WIG portion of the system 10 includes a 

25 plurality of PBUs 26, each of which includes Bluetooth 
transceiver circuitry 28. The Bluetooth transceiver cir- 
cuitry 28 associated with each of the PBUs permits Blue- 
tooth-based communications with the mobile terminal 
12 when the mobile terminal 12 is positioned in areas, 

30 here referred to as cells 32, defining the coverage areas 
of the transceiver circuitry 28. Each of the PBUs 26, and 
the Bluetooth transceiver circuitry 28 embodied therein, 
is coupled to a packet data network, here a Local Area 
Network (LAN) 34. The LAN 34 is further coupled to an 

35 A-interface Gate Way (AGW) 36 and to an intranet Lo- 
cation Register (ILR) 38. The gateway 36 forms a gate- 
way between the portions of the radio communication 
system and is here operable to perform the functions of 
a traffic router and data converter between the two por- 

40 tions. The ILR 38 operates to form a data base which 
stores subscriber data associated with the mobile ter- 
minal. 

[0030] Pursuant to an embodiment of the present in- 
vention, the ILR 38 includes a storage device 42 oper- 
4S able to store information to be used during authentica- 
tion procedures prior to the effectuation of communica- 
tion with the mobile terminal. 

[0031] The cellular portion of the communication sys- 
tem includes a Trans Coder Sub-Multiplexer (TCSM) 46 

50 coupled to the gateway 36. The sub-multiplexer is op- 
erable to perform transcoding operations. The cellular 
portion of the communication system is further shown 
to include a Base Station Control (BSC) 48, and a Base 
Transceiver Station (BTS) 52. The BTS 52 is operable 

55 in conventional manner to transceive communication 
signals with the mobile terminal 12, and the controller 
48 is operable, also in conventional manner, to control 
operation of the base transceiver station 52. The cellular 
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communication portion of the communication system is 
further shown to include an HLR (Home Location Reg- 
ister) 54, also operable in conventional manner to main- 
tain, amongst other things, subscription-related infor- 
mation pertaining to the mobile terminals operable in the 
cellular system portion of the communication system. 
[0032] The storage device 42 embodied at the ILR 38 
includes storage locations for the storage thereat of 
identifiers Identifying the Bluetooth transceiver circuitry, 
such as the Bluetooth transceiver circuitry element 18 
of the mobile terminal 12, operable in the Bluetooth-net- 
work portion of the radio communication system. Here, 
the storage device stores data permitting a mapping be- 
tween the IMSI value of the mobile terminal, defined in 
the GSM communication system, and a value of 
BD_ADDR, defined in the Bluetooth communication 
system. Thereby, the mobile terminal 12 is identified in 
terms of a GSM identifier together with the identifier of 
the Bluetooth transceiver circuitry, also forming a portion 
of the mobile terminal. And, more particularly, the IMEI 
of the mobile station Is stored at the storage device 42, 
here indicated in the column 62, and the Bluetooth unit 
description of the Bluetooth transceiver circuitry con- 
tained in the associated mobile terminal is indicated to 
be stored in the column 64. The Bluetooth unit descrip- 
tion is, for instance, the BD_ADDR of the Bluetooth 
transceiver circuitry. The BD_ADDR is a 48-bit code 
uniquely identifying the Bluetooth transceiver circuitry. 
The description may also be fomned of the PIN code as- 
sociated with the Bluetooth transceiver circuitry, and the 
link key, i.e., the unit key associated with the Bluetooth 
transceiver circuitry. The storage device, for instance, 
further stores subscription data associated with the mo- 
bile terminal. 

[0033] The data stored at the storage device 42 is uti- 
lized during authentication procedures when the mobile 
terminal is to communicate by way of the Bluetooth net- 
work portion of the radio communication system. That 
is to say, when communication is to be effectuated by 
way of the Bluetooth network portion of the communi- 
cation system, the Bluetooth transceiver circuitry 28 of 
an appropriate PBU 26 and the corresponding Bluetooth 
transceiver circuitry 1 8 of the mobile terminal form a ra- 
dio link and communicate therebetween. Prior to effec- 
tuation of communications therebetween, authentica- 
tion procedures are performed, at least by the mobile 
terminal, to authenticate the TBU 26, viz., the Bluetooth 
transceiver circuitry 28 associated therewith. 
[0034] When authentication is requested, the storage 
device 42 of the ILR 38 is accessed, by way of the LAN 
34. The identifiers identifying the Bluetooth transceiver 
circuitry 1 8 of the mobile terminal are retrieved from the 
storage device 42 and provided to the Bluetooth trans- 
ceiver circuitry 28 of the appropriate PBU. Such values 
are used, as shall be described below, in the authenti- 
cation procedures. Once authentication is completed, 
Bluetooth-based communications between the mobile 
terminal and the Bluetooth portion of the communication 



system is permitted. 

[0035] Figure 2 illustrates portions of the radio com- 
munication system 10 shown in Figure 1. Namely, Fig- 
ure 2 illustrates the mobile terminal 1 2, the PBU 26, and 

5 the storage device 42 forming a portion of the ILR 38. 
Signaling between the mobile terminal 12 and the PBU 
26 by way of a Bluetooth radio link is further illustrated 
in the Figure as is also signaling between the PBU 26 
and the storage device 42. Operation of an embodiment 

10 of the present invention by which to facilitate authenti- 
cation procedures is described as follows. It should be 
noted that, while reference shall be made to the mobile 
terminal and PBU 26, signaling actually is effectuated 
between the Bluetooth transceiver circuitry 1 8 and 28 of 

IS the respective devices. 

[0036] When the mobile terminal enters into an area 
encompassed by the Bluetooth portion of the communi- 
cation system and the mobile terminal is to commence 
a communication session, a signal is transmitted by the 

20 mobile terminal to the PBU. Namely, a LMP (Link Man- 
ager Protocol) message, LMP_ln_RAND signal is sent 
by the mobile terminal to the PBU. Such a signal is de- 
fined in an existing Bluetooth standard. The message is 
indicated by the segment 72 shown in the Figure. Then, 

2S a reply message the mobile terminal sends an additional 
message, a LMP_ accepted message, indicated by the 
segment 74, is returned by the PBU to the mobile ter- 
minal. The PBU (here the claimant) may deny pairing. 
Here, to continue the pairing procedure, the PBU cre- 

30 ates an init key based upon the data of the segment 72. 
[0037] Then, mutual normal authentication based up- 
on the init keys, created at both sides, is performed. The 
PBU inquires of the storage device 42 of a Bluetooth 
identifier which identifies the Bluetooth transceiver cir- 

35 cuitry of the mobile terminal from which the message 72 
originated. The identifier, here PIN_INFO, associated 
with the mobile terminal is accessed and indications 
thereof are returned to the PBU. Here, the inquiry mes- 
sage is indicated by the segment 76, and the response 

40 thereto is indicated by the segment 78. Both storage de- 
vice 42 and the link on which the messages 76 and 78 
are communicated are secured, thereby preventing un- 
authorized access to the information stored at, and re- 
trieved from, the storage device. Once returned to the 

*5 PBU, such Information Is utilized in subsequent authen- 
tication procedures. 

[0038] Then, the mobile terminal (here, the verifier) 
sends an authentication request to the PBU. First, here 
indicated by the segment 82, a LMP_au_rand message 

50 is sent by the mobile terminal over the Bluetooth radio 
link to the PBU. The LMP_au_rand message is based 
on the init key of the mobile terminal. 
[0039] The PBU, in turn, responds with a message, 
indicated by the segment 84, a LMP_sres message. 

55 Then, LMP_au_rand exchanges are performed, indicat- 
ed by the segment 86. The values are based upon the 
init key of the PBU. Then, and as Indicated by the seg- 
ment 88, a LMP.sres message Is sent by the mobile 
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terminal to the PBU. The PIN code of the PBU is fixed, 
e.g. , for the entire network. This facilitates determination 
at the mobile terminal of whether reception at the mobile 
terminal of a value of a PIN code is sent by a valid PBU. 
[0040] If both of the authentications are successful, i. 
e.. If the mobile terminal knows the fixed PIN code of the 
PBU and the PBU knows the PIN code of the mobile 
terminal (fetched from the data base), then a link key 
can be created between the mobile terminal and the 
PBU. The link key that is used in the exemplary imple- 
mentation is the unit key of the Bluetooth transceiver of 
the mobile terminal. LMP_unit_key messages, here rep- 
resented by the segments 92 and 94, are then ex- 
changed between the mobile terminal and the PBU. 
[0041] In one implementation, the identifiers, such as 
the PIN codes associated with the Bluetooth transceiver 
circuitry 1 8, are stored in the storage device 42 pursuant 
to a subscription by a user of the mobile terminal to com- 
municate in the Bluetooth network to which the storage 
device is coupled. 

[0042] Figure 3 illustrates another manner by which 
the identifying information is stored at the storage de- 
vice. In the implementation shown in Figure 3. advan- 
tage is taken of the dual-mode nature of the mobile ter- 
minal and the authentication procedures carried out in 
the cellular communication system prior to which com- 
munications are permitted in the cellular system. En- 
cryption keys are also exchanged between the mobile 
terminal and the network portion of the cellular commu- 
nication system as a result of the authentication proce- 
dures, and, thereby, the communications between the 
mobile terminal and the network infrastructure of the cel- 
lular communication system are thereafter ensured to 
be secured. 

[0043] When communications by way of the Bluetooth 
network are to be effectuated, the mobile terminal 12 
first sends a SMS message, indicated by the segment 
102, to a service center, here indicated at 104, associ- 
ated with the Bluetooth, WIO network. The SMS mes- 
sage is routed, in conventional fashion, through the net- 
work infrastructure, such as by way of a SMS service 
center coupled to the infrastructure, and then on to the 
WIO service center. The SMS message includes values 
indicative of the IMSI and IMEI of the mobile terminal. 
The WIO service center 1 04, upon detection of the mes- 
sage, checks for the identity of the requesting mobile 
terminal, the method of which is derived from conven- 
tional GSM roaming concepts. 
[0044] If a determination is made at the WIO service 
center that service can be admitted, a SMS message, 
indicated by the segment 106, is returned to the mobile 
terminal 12. The message 106 includes an indication of 
the network identifier of the Bluetooth network, the LAC 
(Location Area Code) thereof, and other appropriate pa- 
rameters. The mobile terminal is then able to check with 
its own network for the validity of the service center reply 
parameters contained In the message 1 06. If a determi- 
nation of network validity is made and is in the affirma- 



tive, the mobile terminal sends another SMS message, 
here indicated by the segment 108, to the WIO service 
center 104. The message 108 includes the identifier, 
such as the Bluetooth PIN code associated with the 
s Bluetooth transceiver circuitry of the mobile terminal. 
When detected at the WIO service center, such identifier 
is stored at the storage device 42 thereof, and a SMS 
message, here indicated by the segment 112, is re- 
turned to the mobile terminal confirming the registration 
10 of the mobile terminal for service by way of the Bluetooth 
network. Thereafter, authentication procedures, such as 
described with respect to Figure 2, are performed. 
[0045] Figure 4 illustrates an alternate manner by 
which the identifier is provided to the Bluetooth trans- 
is ceiver circuitry of the PBU 26 of the Bluetooth network 
portion of the communication system. In this embodi- 
ment, the access procedure is based upon public key 
authentication and encryption. 

[0046] The storage device, in this implementation, 

20 need not be located at, e.g., the ILR of the Bluetooth 
network portion. Rather, each PBU 26 may include a 
storage device at which the identifier is stored and used 
pursuant to authentication procedures. 
[0047] When the mobile terminal 12 enters a cell 18 

25 associated with the PBU 26, a non-secure link, indicated 
by the segment 122, is formed between the PBU and 
the mobile terminal by way of a Bluetooth radio link. 
Then , and as indicated by the segment 1 24, a public key 
associated with the PBU is sent, by way of the Bluetooth 

30 radio link, to the mobile terminal. The public key, in one 
implementation, is transmitted together with an an- 
nouncement of a Bluetooth speech service, such as a 
WIO service advertisement message. 
[0048] Upon receipt of the public key, the mobile ter- 

35 minal encrypts the identifier associated with the Blue- 
tooth transceiver circuitry thereof and sends the identi- 
fier, once encrypted into encrypted form, to the PBU in 
a Bluetooth message, indicated by the segment 126. 
Thereafter, conventional authentication procedures can 

40 be performed. 

[0049] Thereby, a manner is provided by which to pro- 
vide indications of an identifier which identifies uniquely 
the Bluetooth transceiver circuitry of a mobile terminal 
to the network infrastructure of the Bluetooth network 

45 portion of the radio communication system. The identi- 
fier is provided to the network infrastructure of the Blue- 
tooth network portion in a manner which assures that 
the identifier is not accessible to others than those au- 
thorized. And, thereby, the mobile terminal is able to au- 

50 thenticate the Bluetooth network portion of the commu- 
nication system. 

[0050] The preferred descriptions are of preferred ex- 
amples for implementing the invention, and the scope 
of the invention should not necessarily be limited by this 
55 description. The scope of the present invention is de- 
fined by the following claims. 



6 



11 



EP 1 146 692 A2 



12 



Claims 

1 . In a mobile communication system having a mobile 
temiinal operable to communicate pursuant to a 
first radio communication system and to communi- 
cate pursuant to a second radio communication 
system, an improvement of apparatus for facilitating 
authentication of the second radio communication 
system to communicate pursuant to the second ra- 
dio communication system, said apparatus com- 
prising: 

a storage element coupled to the second ra- 
dio communication system, said storage element 
for storing indications of a secured-identifier identi- 
fying the mobile terminal in the second radio com- 
munication system, the indications of the secured 
identifier accessible by the second radio communi- 
cation system to be used in authentication proce- 
dures by the mobile terminal to authenticate the 
second radio communication system. 

2. The apparatus of claim 1 wherein the second radio 
communication system comprises a Bluetooth- 
based system having a Bluetooth network including 
at least one Bluetooth personal base unit and an 
ILR (Intranet Location Register), and wherein said 
storage element is embodied at the ILR. 

3. The apparatus of claim 2 wherein the Bluetooth- 
based system defines PIN codes associated with 
mobile terminals operable therein and wherein the 
secured-identifier, indications of which are stored at 
said storage element, comprises a PIN code asso- 
ciated with the mobile terminal. 

4. The apparatus of claim 2 wherein the at least one 
Bluetooth personal base unit of the Bluetooth- 
based system comprises a first Bluetooth personal 
base unit and at least a second Bluetooth personal 
base unit, and wherein the authentication proce- 
dures using the secured identifier authenticates at 
least one of the first and at least second Bluetooth 
personal base units, respectively. 

5. The apparatus of claim 2 wherein the first radio 
communication system comprises a cellular com- 
munication system and wherein said storage ele- 
ment, embodied at the ILR, is further coupled to the 
cellular communication system. 

6. The apparatus of claim 5 wherein the secured-iden- 
tifier stored at said storage element is provided 
thereto, to be stored thereat, by way of the cellular 
communication system. 

7. The apparatus of claim 2 wherein the cellular com- 
munication system includes network infrastructure, 
wherein the ILR at which said storage element is 



embodied is coupled to the networ1( infrastructure 
and wherein the secured-identifier is provided to the 
network infrastructure of the cellular communica- 
tion system by the mobile terminal, and then routed 
5 to the ILR to be stored at said storage element. 

8. The apparatus of claim 7 wherein the cellular com- 
munication system provides for packet-data com- 
munications with the mobile terminal and wherein 

10 the secured-identifier, provided to the network infra- 
structure to be routed to the ILR at which said stor- 
age element is embodied, is provided to the network 
infrastructure by the mobile terminal as a packet- 
data message. 

15 

9. The apparatus of claim 8 wherein the cellular com- 
munication system comprises a GSM (Global Sys- 
tem for Mobile communication) system providing for 
SMS (Short Message Service) service, and wherein 

20 the packet-data message provided by the mobile 
terminal to the network infrastructure comprises a 
SMS message. 

10. The apparatus of claim 1 wherein the second radio 
25 communication system comprises a Bluetooth- 
based communication system having a Bluetooth 
network including at least one Bluetooth personal 
base unit, said storage element at least coupled to 
the Bluetooth personal base unit, and wherein the 

30 secured-identifier identifying the mobile terminal is 
sent. In encoded form, by the mobile terminal to the 
Bluetooth personal base unit 

11. The apparatus of claim 10 wherein the Bluetooth 
35 personal base unit provides the mobile tennlnal with 

an encryption key and wherein the secured-identi- 
fier sent, in encoded form, is encrypted into the en- 
coded form with the encryption key. 

40 12. The apparatus of claim 11 wherein the secured- 
identifier, once provided to the 

13. In a method for communicating in a mobile commu- 
nication system having a mobile terminal operable 
45 to communicate pursuant to a first radio communi- 
cation system and to communicate pursuant to a 

second radio communication system, an improve- 
ment of a method for facilitating authentication of 
the second radio communication system to commu- 
50 nicate pursuant to the second radio communication 
system, said method comprising: 

storing indications of a secured-identifier iden- 
tifying the mobile terminal in the second radio 
55 communication system; 

accessing the indications of the secured-iden- 
tifier stored during said operation of storing 
when the second radio communication system 
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is to be authenticated; and 
using the indications of the secured-identifierto 
authenticate the second radio communication 
system by the mobile temninal. 

14. The method of claim 13 wherein the second radio 
communication system comprises a Bluetooth- 
based system having at least one Bluetooth person- 
al base unit and an ILR (Intranet Location Register) 
and wherein said operation of storing is performed 
at the ILR. 

15. The method of claim 14 wherein the at least one 
Bluetooth personal base unit comprises a first Blue- 
tooth personal base unit and at least a second Blue- 
tooth personal base unit and wherein the indica- 
tions of the secured-identifier used during said op- 
eration of using are used to authenticate at least 
one of the first and the at least second Bluetooth 
base units. 



mobile terminal with the encryption key sent to 
the mobile terminal; 

communicating the secure-identifier, once en- 
crypted, to the network infrastructure; and 
authenticating the network infrastructure by the 
mobile terminal. 

20. The method of claim 19 wherein the second radio 
communication system comprises a Bluetooth- 
based communication system, wherein the mobile 
terminal comprises a PIN uniquely identifying the 
mobile terminal and wherein the secured identifier 
encrypted during said operation of encrypting com- 
prises the PIN associated with the mobile terminal. 



16. The method of claim 14 comprising the additional 
operation, prior to said operation of storing, of com- 
municating the indications of the secured-identifier, 
by way of the first radio communication system, to 25 
the ILR. 



17. The method of claim 16 wherein the first radio com- 
munication system comprises a cellular communi- 
cation system which provides for packet communi- 30 
cations and wherein the said operation of commu- 
nicating comprises sending a packet-data message 
to the ILR. 



18. The method of claim 17 wherein the cellular com- 35 
munication system comprises a GSM system pro- 
viding for SMS communications and wherein the 
packet-data message sent during said operation of 
sending comprises a SMS message. 

40 

19. In a method for communicating in a mobile commu- 
nication system having a mobile terminal operable 
to communicate pursuant to a first radio communi- 
cation system and to communicate pursuant to a 
second radio communication system, the second 45 
radio communication system having network infra- 
structure, an improvement of a method for facilitat- 
ing authentication of the second radio communica- 
tion system to communicate pursuant to the second 
radio communication system, said method compris- so 
ing: 

forming a nonsecure link between the mobile 
terminal and the network infrastructure of the 
second radio communication system; 55 
sending an encryption key associated with the 
network infrastructure to the mobile terminal; 
encrypting a secure-identifier identifying the 
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